CVE-2024-12433

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12433
A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the server processes incoming data using pickle deserialization via `pickle.loads()` on `connection.recv()`, making it vulnerable to remote code execution. This issue is fixed in version 0.14.0.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/infiniflow/ragflow/commit/49494d4e3c8f06a5e52cf1f7cce9fa03cadcfbf6 Patch
https://huntr.com/bounties/8a1465af-09e4-42af-9e54-0b70e7c87499 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*
History

14 Jul 2025, 17:53

Type Values Removed Values Added
CPE cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*
First Time Infiniflow
Infiniflow ragflow
References () https://github.com/infiniflow/ragflow/commit/49494d4e3c8f06a5e52cf1f7cce9fa03cadcfbf6 - () https://github.com/infiniflow/ragflow/commit/49494d4e3c8f06a5e52cf1f7cce9fa03cadcfbf6 - Patch
References () https://huntr.com/bounties/8a1465af-09e4-42af-9e54-0b70e7c87499 - () https://huntr.com/bounties/8a1465af-09e4-42af-9e54-0b70e7c87499 - Exploit, Third Party Advisory
Summary
  • (es) Una vulnerabilidad en las versiones v0.12.0 de infiniflow/ragflow permite la ejecución remota de código. El servidor RPC de RagFlow utiliza una clave de autenticación (AuthKey) "authkey=b'infiniflow-token4kevinhu'', que los atacantes pueden obtener fácilmente para unirse a la comunicación grupal sin restricciones. Además, el servidor procesa los datos entrantes mediante la deserialización de pickle mediante `pickle.loads()` en `connection.recv()`, lo que lo hace vulnerable a la ejecución remota de código. Este problema se solucionó en la versión 0.14.0.

20 Mar 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-20 10:15

Updated : 2025-07-14 17:53

NVD link : CVE-2024-12433

Mitre link : CVE-2024-12433

CVE.ORG link : CVE-2024-12433

JSON object : View

Products Affected

infiniflow

  • ragflow
CWE
CWE-502

Deserialization of Untrusted Data